Changes between Version 12 and Version 13 of TracStandalone


Ignore:
Timestamp:
17/07/2015 11:41:28 (9 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracStandalone

    v12 v13  
    9393== Using Authentication
    9494
    95 Tracd allows you to run Trac without the need for Apache, but you can take advantage of Apache's password tools (htpasswd and htdigest) to easily create a password file in the proper format for tracd to use in authentication. (It is also possible to create the password file without htpasswd or htdigest; see below for alternatives)
    96 
    97 Make sure you place the generated password files on a filesystem which supports sub-second timestamps, as Trac will monitor their modified time and changes happening on a filesystem with too coarse-grained timestamp resolution (like `ext2` or `ext3` on Linux) may go undetected.
     95Tracd allows you to run Trac without the need for Apache, but you can take advantage of Apache's password tools (`htpasswd` and `htdigest`) to easily create a password file in the proper format for tracd to use in authentication. (It is also possible to create the password file without `htpasswd` or `htdigest`; see below for alternatives)
     96
     97Make sure you place the generated password files on a filesystem which supports sub-second timestamps, as Trac will monitor their modified time and changes happening on a filesystem with too coarse-grained timestamp resolution (like `ext2` or `ext3` on Linux, or HFS+ on OSX).
    9898
    9999Tracd provides support for both Basic and Digest authentication. Digest is considered more secure. The examples below use Digest; to use Basic authentication, replace `--auth` with `--basic-auth` in the command line.
     
    154154Then to start `tracd` run something like this:
    155155{{{#!sh
    156  $ tracd -p 8080 --basic-auth="projectdirname,/fullpath/environmentname/.htpasswd,realmname" /fullpath/environmentname
     156 $ tracd -p 8080 --basic-auth="project,/fullpath/environmentname/.htpasswd,realmname" /path/to/project
    157157}}}
    158158
    159159For example:
    160160{{{#!sh
    161  $ tracd -p 8080 --basic-auth="testenv,/srv/tracenv/testenv/.htpasswd,My Test Env" /srv/tracenv/testenv
     161 $ tracd -p 8080 --basic-auth="project,/srv/tracenv/testenv/.htpasswd,My Test Env" /path/to/project
    162162}}}
    163163''Note:'' You might need to pass "-m" as a parameter to htpasswd on some platforms (OpenBSD).
     
    171171=== Generating Passwords Without Apache
    172172
    173 Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`.  Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd ; Windows Python can grok MD5 password hashes just fine and you should use MD5.
    174 
    175 You can use this simple Python script to generate a '''digest''' password file:
    176 
    177 {{{#!python
    178 from optparse import OptionParser
    179 # The md5 module is deprecated in Python 2.5
    180 try:
    181     from hashlib import md5
    182 except ImportError:
    183     from md5 import md5
    184 realm = 'trac'
    185 
    186 # build the options
    187 usage = "usage: %prog [options]"
    188 parser = OptionParser(usage=usage)
    189 parser.add_option("-u", "--username",action="store", dest="username", type = "string",
    190                   help="the username for whom to generate a password")
    191 parser.add_option("-p", "--password",action="store", dest="password", type = "string",
    192                   help="the password to use")
    193 parser.add_option("-r", "--realm",action="store", dest="realm", type = "string",
    194                   help="the realm in which to create the digest")
    195 (options, args) = parser.parse_args()
    196 
    197 # check options
    198 if (options.username is None) or (options.password is None):
    199    parser.error("You must supply both the username and password")
    200 if (options.realm is not None):
    201    realm = options.realm
    202    
    203 # Generate the string to enter into the htdigest file
    204 kd = lambda x: md5(':'.join(x)).hexdigest()
    205 print ':'.join((options.username, realm, kd([options.username, realm, options.password])))
    206 }}}
    207 
    208 Note: If you use the above script you must set the realm in the `--auth` argument to '''`trac`'''. Example usage (assuming you saved the script as trac-digest.py):
    209 
    210 {{{#!sh
    211  $ python trac-digest.py -u username -p password >> c:\digest.txt
    212  $ tracd --port 8000 --auth=proj_name,c:\digest.txt,trac c:\path\to\proj_name
     173Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`.  Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd. Windows Python can grok MD5 password hashes just fine and you should use MD5.
     174
     175Trac also provides `htpasswd` and `htdigest` scripts in `contrib`:
     176{{{#!sh
     177$ ./contrib/htpasswd.py -cb htpasswd user1 user1
     178$ ./contrib/htpasswd.py -b htpasswd user2 user2
     179}}}
     180
     181{{{#!sh
     182$ ./contrib/htdigest.py -cb htdigest trac user1 user1
     183$ ./contrib/htdigest.py -b htdigest trac user2 user2
    213184}}}
    214185
    215186==== Using `md5sum`
    216187It is possible to use `md5sum` utility to generate digest-password file:
    217 {{{
     188{{{#!sh
    218189user=
    219190realm=